Summary: | <net-fs/openafs-1.6.2: Multiple Buffer Overflow Vulnerabilities (CVE-2013-{1794,1795}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | andrej.filipcic, net-fs, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/52480/ | ||
Whiteboard: | B1 [glsa] | ||
Description
Agostino Sarubbo
2013-03-06 09:08:17 UTC
CVE-2013-1795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1795): Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.

CVE-2013-1794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1794): Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.

Updated versions are in the tree now.

Arches, please test and mark stable: =net-fs/openafs-1.6.2
Target KEYWORDS: "amd64 sparc x86 ~amd64-linux ~x86-linux"

amd64 stable

x86 stable

sparc stable

This issue was resolved and addressed in GLSA 201404-05 at http://security.gentoo.org/glsa/glsa-201404-05.xml by GLSA coordinator Mikle Kolyada (Zlogene).
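The bug class named in the CVE-2013-1795 description (a list length that overflows a size calculation and leaves the heap buffer too small), shown as an added example that is not part of this bug report and is not OpenAFS code. The constants `NAME_SLOT_LEN` and `MAX_IDS`, the function names, and the sample list length are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical constants for illustration; not taken from OpenAFS. */
#define NAME_SLOT_LEN 64u    /* bytes reserved per returned name */
#define MAX_IDS       4096u  /* assumed per-request cap on list length */

/* Flawed pattern: the product is computed in 32 bits, so a large count
 * wraps and the buffer ends up far smaller than count * NAME_SLOT_LEN. */
static uint32_t reply_bytes_unchecked(uint32_t count)
{
    return (uint32_t)(count * NAME_SLOT_LEN);
}

/* Hardened pattern: refuse oversized lists before multiplying, so the
 * product can never wrap. Returns 0 and stores the size in *out, or -1. */
static int reply_bytes_checked(uint32_t count, size_t *out)
{
    if (count > MAX_IDS)
        return -1;
    *out = (size_t)count * NAME_SLOT_LEN;
    return 0;
}

/* Allocate a zeroed reply buffer, or return NULL for a refused list. */
static char *alloc_reply(uint32_t count)
{
    size_t bytes;
    if (reply_bytes_checked(count, &bytes) != 0)
        return NULL;
    return calloc(bytes ? bytes : 1, 1);
}

int main(void)
{
    uint32_t oversized = 0x04000001u;  /* constructed list length */
    size_t bytes = 0;
    char *buf;

    printf("unchecked size for %u ids: %u bytes\n",
           (unsigned)oversized, (unsigned)reply_bytes_unchecked(oversized));
    printf("checked result: %d\n", reply_bytes_checked(oversized, &bytes));
    buf = alloc_reply(10);
    printf("10 ids allocated: %s\n", buf ? "yes" : "no");
    free(buf);
    return 0;
}
```

With the unchecked calculation, a list of 0x04000001 entries yields a 64-byte size, which is why a per-request cap applied before the multiplication is the defensive check to look for when reviewing RPC handlers of this shape.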